I'm a new blood when it comes to ethical hacking, pentesting, and social engineering and only hold practice and experience as any credential. If I were going to make a career of social engineering, what Certs/Studies should I seek? My current thoughts are Sec+, MCSA: Sec, CEH, SSCP, CCNA, CCSP, and finally CISSP. Is there a more logical progression or something I may have missed?

Thanks for the replies. My question was mis-formed and I'm surprised that anyone was able to target in on what I meant, especial so well. My purpose was to inquire as to a cert path that would help me in Social Engineering and shore up my skills on the technical end. The psych class suggestion was one avenue I had considered. I'm looking into a future career in security with an emphasis on the Social Engineering aspects. Possibly as part of a pentesting career. Right now, I have interests and motivation but not a course. I will check the video courses and see about opening a dialog with Chris Hadnagy and Dave Kennedy. Thanks for the insight and redirecting my question to a answerable one.

I was a psych major for 1.5 years but I'm a really bad social engineer in person or over the phone. It's a much different story when I can establish my scenarios in written text. Some people just don't have the gift of gab required for really exploiting trust and I don't think it's something you can learn. The concepts of how to modify behavior, and learning what makes people tick and how trust relationships work is invaluable and trainable, but delivery is a whole different animal. I recommend recruiting a hot chick to help. It's way more effective than any pretexting scenario you can deliver yourself (usually)

tturner wrote:I was a psych major for 1.5 years but I'm a really bad social engineer in person or over the phone. It's a much different story when I can establish my scenarios in written text. Some people just don't have the gift of gab required for really exploiting trust and I don't think it's something you can learn. The concepts of how to modify behavior, and learning what makes people tick and how trust relationships work is invaluable and trainable, but delivery is a whole different animal.

I'm the same way, I'm really socially awkward. I need to learn the SET framework haha

tturner wrote:I recommend recruiting a hot chick to help. It's way more effective than any pretexting scenario you can deliver yourself (usually)

lol Very true.

Last edited by lorddicranius on Wed Jul 20, 2011 4:00 pm, edited 1 time in total.

1. Confidence - This comes with being secure with your knowledge of a technology and/or situation. Experience helps here, too. So go practice. Pick up some women, will you?

2. Take an acting course and a public speaking course. Try some improv games with your friends. Helps you be swift on your feet when something is thrown at you that's not expected.

3. Always have an out. Oh I'm sorry, I was looking for the bathroom. Oops... I am so lost. Or is Dr. Smith's office in this building? This goes along with a couple concepts we may or may not be familiar with. First is the lawyer's creed not to ask a question to which you don't know an answer. Or to go the magic route, the magician's choice makes it look like the victim is in control, but you really are. Look it up.

Just some quick thoughts that I hope help point you in some directions to research and eventually try.

If you've watched any of Dave Kennedy's presentations he says he has success doing the following:

Target an individual in the organization that is new, specifically in Help Desk since there is usually a lot of turn over and they have access to "stuff." Pretend you're someone high up in the company, act like its an urgent situation and that you need "help." It's human nature to try and fix the problem or help the other person so if you stage the situation appropriately, you can get the results you want. It's amazing what you can learn about a company on LinkedIn.

"This is Super High Up Vice President Joe Schmoe, I cant open this PDF and I need it ASAP for a big meeting that starts in 5 minutes... can I email it to you so you can open it for me?"